> Obviously, to do stuff like this, you need to generate certificates. The reasonable way to do that in 2020 is with LetsEncrypt. We do that for our users automatically, but “it just works” makes for a pretty boring writeup, so let’s see how complicated and meandering I can make this.

This delighted me.

Exciting! Are you doing this in your role as Latacora helping out startups with security challenges? (Update: apparently not https://twitter.com/tqbf/status/1276212163582070785)

How is the Fly proxy implemented? Are you using rustls and/or any of the available ACME crates?

I've been wanting to implement tls-alpn-01 support for rustls (although it might be possible to do this just by mutating the ServerConfig over time).

Also interested to hear your general impressions of Rust so far (I think I read some Twitter grumbling...).

I'm full-time at Fly. I'll let Jerome answer the fly-proxy question, since it's his code and I wouldn't want to inadvertently take credit.

I think I came across as grumbling about Rust when my real perspective was much more subtle. My take on Rust so far is that it has been, for me, a vindication of a lot of decisions the Go team made, because I've been directly exposed to some of the downsides of the opposite decisions. But, while that sounds like a critique of Rust, it's not! Rust is the way it is for real reasons: zero-cost abstractions and no runtime GC, which are, right now, requirements for some application domains.

For me, right now, writing in Rust feels almost identical to how writing in C++ felt 15 years ago. But I'll keep writing in it, and it'll get faster for me. We're a Rust-on-the-data-plane shop!

If you run into issues in Rust that you believe might be signs of a need for language improvements, please feel free to raise them. I'm happy to help.

Hey there, Fly co-founder here!

Fly's proxy uses a mix of tokio, hyper and rustls. We don't need to use a crate that handles ACME because we're processing all the validation and certificate authorizations from a centralized, boring, Rails application.

We've had to submit a PR to the rustls project a few months ago to handle different ALPNs. Instead of resolving a certificate only from a SNI, the crate now provides the full ClientHello which contains negotiable ALPNs. With that information you can respond to the tls-alpn-01 challenge.

What I perceived as grumbling:

"I absolutely understand what y’all like so much about Rust, but I have to say that as an auditor, my blood pressure drops and my shoulders relax the moment I switch from reading a Rust project to reading a Go project."

https://twitter.com/tqbf/status/1260678152084480008

As long as we're clear that I'm not saying "Rust is less secure than Go", which is not at all what I meant. I just meant that it's much easier for me to read Go code.

(I will however miss match expressions when I return to my home planet.)

I'd be very curious to hear if there are specific bits about the Rust language that you think make it harder to audit or that (so far) it's just the lack of experience.